Privacy & cookies.

Last updated · 1 March 2025

Plain English summary. FRN Watch helps you monitor FCA-regulated firms. We collect only what's needed to run the service, we don't sell your data, and we explain below what is shared with which sub-processor. UK GDPR applies.

01

About FRN Watch

FRN Watch is committed to protecting your privacy and complying with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Questions about how we handle your data? Email privacy@frnwatch.com.

02

What information we collect

When you sign up

  • Your name and email address
  • A password, which is hashed by Supabase Auth — we never see it
  • Your company name (optional)

For payments

Payment card details are handled by Stripe. We never see or store your full card details. We receive a confirmation that payment was successful and store your billing email.

When you use the service

  • The FRN numbers you choose to monitor
  • Email addresses where you want to receive alerts
  • Your notification preferences

Automatically collected

  • Basic usage information — pages visited, when the service is used
  • Technical information — IP address, browser type — for security and troubleshooting
  • Cookies (see Cookies section below)

Public FCA data

We collect publicly available information from the FCA Financial Services Register about the firms you monitor. This is public regulatory data that anyone can access.

03

How we use your information

We use your information to:

  • Run the service: create your account, check the FCA register daily for changes, and send you alerts
  • Process payments: handle your subscription through Stripe
  • Provide support: respond to questions and issues
  • Improve the service: understand how the product is used
  • Keep it secure: detect and prevent fraud, spam, and unauthorised access
  • Comply with the law: keep records for tax and respond to legal requests

Legal bases: providing the service you signed up for (contract), our legitimate interests in running and improving the service, and legal obligations such as tax records.

04

Who we share your data with

We do not sell your data to anyone. We share it only with services that help run FRN Watch:

Vendor | Role | What they see
--- | --- | ---
Vercel | Hosting & edge | Technical data — IP, browser
Supabase | Database & auth | All account and monitoring data
Stripe | Payments | Payment details & billing email
Resend | Email delivery | Your email address & alert content
Trigger.dev | Background jobs | FRN numbers you’re monitoring

Some of these services are based in the USA, which means your data may be transferred internationally. Each has appropriate data protection agreements in place.

Legal requirements

We may disclose your information if required by law or to protect against fraud or illegal activity.

05

How long we keep your data

  • While you’re a customer: we keep all your data so the service works
  • After you cancel: we keep basic account and payment records for 6 years (UK tax law), then delete
  • Usage logs: deleted after 12 months
  • Support emails: kept for 2 years, then deleted

06

Security

What we do today:

  • All HTTP traffic is served over TLS (managed by Vercel)
  • Passwords are hashed by Supabase Auth — never stored in plaintext
  • Database storage is encrypted at rest by Supabase (Postgres on AWS)
  • Regular database backups by Supabase

We do not currently hold SOC 2, ISO 27001, or Cyber Essentials certifications. SSO (SAML / OIDC) and enforced MFA are not available today. We will say so on the security page the moment those ship — and not before.

No system is perfectly secure. Please use a strong, unique password.

07

Your rights

Under UK data protection law you have the right to:

  • Access the data we hold about you
  • Correct anything that’s wrong
  • Delete your account and data (some records must be kept for tax)
  • Export your data in a portable format
  • Object to certain processing
  • Withdraw consent for marketing emails

To exercise any of these, email privacy@frnwatch.com and we’ll respond within a month.

If you’re unhappy with how we’ve handled your data, you can complain to the Information Commissioner’s Office at ico.org.uk/make-a-complaint.

08

Cookies

Essential — required

  • Authentication: keeps you logged in (Supabase)
  • You can’t disable these without breaking the service

Analytics & performance — optional

  • Vercel Analytics: anonymous page views and performance data
  • Sentry: error monitoring to help us fix bugs
  • CookieChimp: cookie consent management
  • You can opt out via the cookie banner when you first visit

09

Changes to this policy

We may update this policy occasionally. If we make significant changes, we’ll email you. Otherwise, check the “last updated” date at the top of this page.

10

Questions